Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

SSL VPN: Convert .ovpn to .apc/.epc for Site-to-Site SSL Tunnels

Please make a tool to conver regular openvpn configuartion files to your apc/epc format. Without such a tool it is impossible to use an astaro as client for existing openvpn server.

450 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Ruben PüttmannRuben Püttmann shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    44 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Steve SantSteve Sant commented  ·   ·  Flag as inappropriate

        This is a rather glaring omission, but I appreciate the difficulties in integrating a new connection paradigm into the existing platform. However, it's one of those occasions where the water is clearly flowing in a certain direction and it would seem sensible to invest the necessary resources in doing this fully and correctly rather than offering a quick fix.

      • Simon ShawSimon Shaw commented  ·   ·  Flag as inappropriate

        We'd like this feature so we can route certain traffic out of China via VPN servers hosted in Hong Kong. (China Telecom and Unicom have excellent links to HK but routing is an issue.

      • TormodTormod commented  ·   ·  Flag as inappropriate

        Why cant we, if we want, set up a SSL VPN Client manually?
        Its not that hard to copy certificates, server addresses and such..

      • Angelo ComazzettoAdminAngelo Comazzetto (Product Ninja, Sophos Features & Ideas Laboratory) commented  ·   ·  Flag as inappropriate

        To provide a status update. The .apc/.epc format you refer to is not just a .ovpn file which has been converted to a proprietary format. As there is no standard at all for site-to-site SSL VPN at this time, we needed to include more information than just tunnel parameters in the file that you download as "ours" from a UTM.

        Conversely, a simple .OVPN file does not contain all the information a UTM needs in order to construct a site-to-site SSL VPN. There are configuration objects used by the UTM that are used by our CONFD in the underlying system overall, and these cannot be easily deduced and labelled by the system. As such, the idea of using a UTM-generated site-to-site SSL VPN configuration file with your OpenVPN server, or importing a .OVPN file (with all the gamut of parameters possible in such a file) into the UTM for easy cross-device SSL VPN site-to-site is a large technical challenge with too many places where assumptions we would have to make would limit the scope and usefulness any ways.

        We will look at some sort of solution, but it isn't a simple thing we can easily do in the short term. Keep voting! We see you guys.

      • AnonymousAnonymous commented  ·   ·  Flag as inappropriate

        Try to setup a connection the other way round: Astaro as server and a linux server as a client.

        Cannot understand why somebody should invent this strange format.

        But at least a way for conversion is needed. NEEDED!

      • PeterPHPeterPH commented  ·   ·  Flag as inappropriate

        This is the only thing which is extremely missing from UTM. Definitely voting for this!

      • Daryl MorseDaryl Morse commented  ·   ·  Flag as inappropriate

        I agree that this feature is necessary. UTM uses OpenVPN, which is a standard. It makes no sense that UTM cannot import a .ovpn file plus the necessary certs and key. This should be a relatively trivial feature to implement, since a .ovpn file is clear text. Alternataively to supporting importation of a .ovpn, UTM could generate a template .apc file with clearly defined sections for a user to paste in the relevant info (ovpn configuration plus certs and key). How hard can that be?

      • attickaatticka commented  ·   ·  Flag as inappropriate

        Must have feature, there is no logical reason not to support OVPN client files.

      • Jacob BirdJacob Bird commented  ·   ·  Flag as inappropriate

        temp workaround... backup the file at /var/chroot-openvpn/etc/openvpn/client/REF_SslCliStrongvpn/config-default then modify it with your OpenVPN info then feed the webui any .apc file and it will create the tunnel with your settings...

      • Alois MAlois M commented  ·   ·  Flag as inappropriate

        I was to buy the hardware version of Astaro but after this I don't think I will. Can anyone share how I can convert .ovpn to apc or epc? This needs to be done.

      • coewarcoewar commented  ·   ·  Flag as inappropriate

        I can not believe this was not done from the beginning. To create some proprietary way that's specific for this brand of router for this kind of connection is so dark-ages.

      ← Previous 1 3

      Feedback and Knowledge Base